WASHINGTON, D.C. – Legislation authored by U.S. Senators Gary Peters (D-MI), Josh Hawley (R-MO), Maggie Hassan (D-NH), Steve Daines (R-MT), and Rob Portman (R-OH) to update and authorize the Federal Risk and Authorization Management Program (FedRAMP) has advanced in the Senate. The bill would ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government operations and efficiency. It will also make FedRAMP more accountable to the American people and create private sector jobs in companies that provide cloud services. The legislation was approved by the Senate Homeland Security and Governmental Affairs Committee, where Peters serves as Chair and Portman serves as Ranking Member.
“Quickly adopting cloud-based systems will help federal agencies improve digital services for the American people and save taxpayer dollars. While using these technologies will bolster our nation’s competitiveness – we must also ensure they are safe from relentless cyber-attacks and that the sensitive information stored by cloud-based federal systems is secure,” said Senator Peters. “This important bipartisan bill will modernize and expedite the process by which agencies can receive approval to securely use cloud technologies, create good-paying jobs, and incentivize cloud companies to create more effective products.”
“It’s critical that federal agencies have access to the safest and newest cloud-based technology to ensure the government is functioning efficiently and that important information is kept secure,” said Senator Hawley. “This legislation accomplishes those crucial tasks while also creating good-paying private sector jobs.”
“As the government continues to face increasing cybersecurity threats, it is important that we have secure, uniform protocols on what cloud programs federal agencies use,” said Senator Hassan. “This bipartisan bill would streamline the approval process for cloud computing products, which will help speed up our IT modernization efforts and strengthen our overall cybersecurity capabilities. I am glad to be working on this bill with my colleagues on both sides of the aisle, and I will continue to support commonsense reforms to make sure that the United States is at the forefront of cybersecurity.”
“It’s important we modernize our laws to allow us to take advantage of new cloud technologies and bring our government into the 21st century,” said Senator Daines. “Not only will this help create jobs and save taxpayer dollars, but it will ensure that our networks are secure and vital personal and national security information is protected.”
“The security of our federal government’s cloud-based services is critical to ensuring the safety of our country,” said Senator Portman. “That’s why I’m pleased we have worked collaboratively to ensure this bipartisan bill will enable the proper vetting of cloud-based services and their providers while also improving the efficiency of the vetting process so the government has access to a wide variety of products.”
Cloud storage and other technologies are widely used by the federal government. FedRAMP has defined the responsibilities of federal agencies since 2011 to ensure cloud-based information technology is used appropriately. Updating and authorizing this program will ensure it is accountable to Congress and that cloud-based products procured by federal agencies are secure. Under FedRAMP, there are currently are more than 200 Cloud Service Providers serving 183 federal agencies. Thirty percent of these providers are small businesses and investing in this technology will help these companies grow their business and hire new workers. As the COVID-19 pandemic continues pushing agencies to adopt these technologies so federal employees can effectively serve the American people while working remotely, the senators’ bipartisan legislation will help ensure that agencies' processes of moving safely to the cloud are streamlined and efficient. The senators’ legislation comes after an announcement from Microsoft, which provides cloud services to multiple federal agencies, that Russia-backed hackers have been relentlessly targeting cloud service companies and others since this summer.
The Federal Secure Cloud Improvement and Jobs Act updates and authorizes FedRAMP for five years to ensure that cloud-based information technology can be quickly adopted by the federal government while ensuring that it is secure. The bill modernizes the process by which cloud products are deemed safe and can receive FedRAMP authorization. The legislation also establishes metrics to ensure proper implementation of FedRAMP, and requires the creation of a Federal Secure Cloud Advisory Committee to improve communication between federal agencies who utilize cloud technologies and the companies that provide them.